Quote:
Jack Simth said:
Are they? Or is it just a matter of the first fix not really addressing the issue? If so, you'd expect an open source project to have a lot more of them - simply due to the nature of open source; someone thinks they have it down, and publish for testing; a security expert republishes the fix, then testing comes back and says it doesn't work; so an update is needed. Meanwhile, MS tests in-house before publishing, and only rarely does the fix not stop that attack on the first published try.
Likewise, I'd also expect more originals on *nix than on MS; partially because *nix is open for people hunting for exploits (more eyes see more holes), partially because an exploit must be reported fairly publicly to be resolved (it's commonly other people looking for a plug to fit), and partially because it seems like it'd be a tad embarrassing to MS when they admit a mistake, so they might consolidate solutions and thereby sweep a few under the rug... or not tell anyone about some of the ones with the "Currently we are not aware of any exploits for this vulnerability" tag.
|
Without going into great detail, it’s a management issue, or lack there of.
Windows is the target of choice for botting and datamining for cc numbers and bank accounts. And while the people who do this are good, their resources are usually limited.
Nix is more of a two fold target. The Apache side of it draws a lot of industrial attention and UNIX FreeBSD side is methodically under attack by foreign governments as well as the industrial regulars. Of late, one government in particular has been spending lots of time inside US computer systems.
The main point of this post is not which is better, the point is that none of the Nix exploits ever get brought to the attention of the general public.